Organisations continue to be at risk from cybersecurity incidents – with each incident potentially costing millions of dollars.
This risk – and cost – is only likely to increase as the social engineering and technical elements of cyber-attacks become more sophisticated. To help organisations respond effectively to these threats, the Australian Cyber Security Centre and the Australian Signals Directorate have developed the "Essential 8" baseline mitigation strategies. According to the ACSC, these strategies can be customised according to each organisation’s risk profile and the cyber threats they are most concerned about.
The "Essential 8" incorporates four mitigation strategies to prevent the delivery and execution of malware. We’ve summarised these here:
- Application whitelisting: By "whitelisting" approved applications, organisations can stop unapproved or malicious programs from executing.
- Patch applications: Patching computers with "extreme risk" application vulnerabilities within 48 hours – and using the latest version of applications – can reduce the risk of malicious code executing.
- Configure Microsoft Office macro settings: Blocking macros from the internet, and applying strict rules to approved macros, can reduce the risk of delivery and execution of malicious code.
- Apply user application hardening: Blocking certain applications and disabling unneeded features in others can remove popular methods of delivering and executing malicious code.
The "Essential 8" also features three strategies to limit the extent of cyber security incidents. These are summarised below:
- Only give users operating system and application administrator rights if their role warrants it, to avoid giving away the "keys to the kingdom" and thereby increasing the risk to systems and information.
- Patch computers with "extreme risk" operating system vulnerabilities within 48 hours and use the latest version of these systems, to avoid being compromised.
- Apply multi-factor authentication for remote access, and for all users when they perform a privileged action or access an important data repository – providing a bigger obstacle for adversaries that want to infiltrate systems or information.
Finally, the "Essential 8" incorporates one mitigation strategy to recover data and system availability: backing up important new or changed data, software and configuration settings daily, and keeping the backups for three months. This will help an organisation recover from a cyber security incident.
Your organisation should strongly consider applying the "Essential 8" as the foundation of a mature, robust cybersecurity strategy.